Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Boleto-10-2011.exe

windows7-x64

10

Boleto-10-2011.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2daf9f0a1efeddf61ad131bb0ad55057_JaffaCakes118

  • Size

    334KB

  • Sample

    240708-y6zf2sxbnn

  • MD5

    2daf9f0a1efeddf61ad131bb0ad55057

  • SHA1

    902658788b2471393bf8129d86323b15ce9b344d

  • SHA256

    b47cba80a43f6f817aac64184597d953e86f8000460b2185ae0751509ab335eb

  • SHA512

    8ef3b4352891ecf99809ea45220bb89bc21042b7a68772912d901bdaca82290abb11ab9748dc9d269cb5ba245a501f0862c7ff3c7587a9438947778e08c3f8f2

  • SSDEEP

    6144:QISpMp5s2xhZMaJTXPiap/ZMiPC0i7r4JdqJ8+RPGgmT5xNxESkO+bY:jS2NXZvt6aTMR7rIdqJrRMXEPOH

Score
10/10
bootkitevasionpersistencetrojan

Malware Config

Targets

    • Target

      Boleto-10-2011.com

    • Size

      353KB

    • MD5

      681abf81004f57b2930a7fade361c160

    • SHA1

      43707fceb0fda0045e2ad1522375f66a25a9a5ad

    • SHA256

      7e07c36e47c45f16faf8f41e4805396dc99445a3c563258d9a6ed65b638e073a

    • SHA512

      15ad726644ffb33279afe2beef362de6f077247e6487b589bcffebb45ab00608286448d0d02c16ef4c3c486dee374e9fc95988641f3c4702be7e442494178585

    • SSDEEP

      6144:uAkg2vhVMaJTXPiap/ZMUxgdUCxlZn+aC1meyUGimMxSkOZbX:u02ZVvx6aTMLX/5W1meyUGp8POt

    Score
    10/10
    bootkitevasionpersistencetrojan

    • UAC bypass

      evasiontrojan

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

5
T1112

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks